CVE-2021-21726

Severity Score

2.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:<ZXONE 9700 , ZXONE 8700, ZXONE 19700><V1.40.021.021CP049, V1.0P02B219_@NCPM-RELEASE_2.40R1-20200914.set>

Algunos productos ZTE presentan una vulnerabilidad de comprobación de entrada en la interfaz de la función de diagnostico. Debido a una comprobación insuficiente de algunos parámetros ingresados ??por los usuarios, un atacante con altos privilegios puede causar una excepción en el proceso insertando repetidamente parámetros ilegales. Esto afecta a:

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-04 CVE Reserved
2021-03-12 CVE Published
2023-03-08 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1014664	2021-03-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zte Search vendor "Zte"	Zxone 9700 Firmware Search vendor "Zte" for product "Zxone 9700 Firmware"	1.40.021.021cp049 Search vendor "Zte" for product "Zxone 9700 Firmware" and version "1.40.021.021cp049"	-	Affected	in	Zte Search vendor "Zte"	Zxone 9700 Search vendor "Zte" for product "Zxone 9700"	-	-	Safe
Zte Search vendor "Zte"	Zxone 8700 Firmware Search vendor "Zte" for product "Zxone 8700 Firmware"	1.40.021.021cp049 Search vendor "Zte" for product "Zxone 8700 Firmware" and version "1.40.021.021cp049"	-	Affected	in	Zte Search vendor "Zte"	Zxone 8700 Search vendor "Zte" for product "Zxone 8700"	-	-	Safe
Zte Search vendor "Zte"	Zxone 19700 Firmware Search vendor "Zte" for product "Zxone 19700 Firmware"	1.0p02b219_\@ncpm-release_2.40r1-20200914.set Search vendor "Zte" for product "Zxone 19700 Firmware" and version "1.0p02b219_\@ncpm-release_2.40r1-20200914.set"	-	Affected	in	Zte Search vendor "Zte"	Zxone 19700 Search vendor "Zte" for product "Zxone 19700"	-	-	Safe